Skip to main content
Recent Posts
91
Feature Discussion / Re: Search Issues
Last post by Spuds -
Quote from: Frenzie – other than that I've never really understood the view that only shows topic titles.
If you are referring to the search results page only showing the subject line and no body (for some results), this has been addressed.  That was caused when you were searching (topic based, which is the default) and the topic had enough relevance to appear in the results, but the specific message that was picked only had the term in the subject.

I've implemented the short topic and short message tweaks to help with relevance issues.  Fixed likes weight (if used) as it was not circulated correctly, Fixed not showing any body text for some results. Fixed it not showing results in a compact view. Tweaked the term highlighting when searching on messages. Changed the behavior of linking to the last matched message in a topic to instead be the first match message.
92
Site Feedback / Re: site slow
Last post by Spuds -
Just to add to the info.

  • In a default Alpine Linux install, nslookup existed but not the host command (until you instal bind-util)
  • In a default Ubuntu install, just the oposite, host existed but not nslookup (until you install  bind9-dnsutils)
  • The output of nslookup on *nix is different than windows, so the current regex will not work on both systems
  • At some point nslookup was marked for depreciation and then that was reverted (we are talking 15+ years ago) which may explain why it was used on windows only.  But by default it is in windows, but not all *nix installs.
  • I don't have an explanation for mt_rand() being used.  Perhaps someone was concerned about the timeout being to short (some DNS responses can take more than a second) so if you did not have the host name in cache you had a 50/50 chance of running host w/timeout and then possibly gethostbyaddr() with no timeout or just gethostbyaddr()
Quote from: tino –
Code: [Select]
function gethostbyaddr_timeout($ip, $dns, $timeout = 1000)
That is an interesting approach .. looks like it would have to be improved to support ipv6 as well
93
Theme development / Re: Thoughts for 2.0 Theme
Last post by Trekkie101 -
Some thoughts after being gone a while and setting up a forum for the first time in forever. Here's my theme thoughts.

- I really like the _custom.css thing.

- I don't know what the up/down arrow thing is on the left is for? What is its function?

- I dragged font-awesome back in using @import because it's so easy (I dunno how to make a web svg data thing) maybe theres some easier way I'm missing. Can we still use icon packs any other way?

- Some of the variables in the css are named -medium-green etc, which doesn't make sense if I apply a new colour, maybe css variable names without colours are needed?


- I ended up using only a few colours to generate the whole forum. Maybe 5/6 hex codes in total. We could perhaps include a 'simple_custom.css' variant that's just a 'light' copy but there would only be 5 colours/palette you picked as highlights which would let it seem very easy to customise but essentially is just to get a colour match so it can easily fit with most sites.
(Possibly worth adding a hex colour picker in theme settings in admin panel if this idea is not bad).

- As powerful as the theme system is, I believe most people just want a quick way to colour match their site.

- SMF has an official mod for it, but I think a smaller version (less options) would do a lot for integration.

94
Site Feedback / Re: site slow
Last post by tino -
Code: [Select]
function gethostbyaddr_timeout($ip, $dns, $timeout = 1000)
{
    // random transaction number (for routers etc to get the reply back)
    $data = rand(0, 99);
    // trim it to 2 bytes
    $data = substr($data, 0, 2);
    // request header
    $data .= "\1\0\0\1\0\0\0\0\0\0";
    // split IP up
    $bits = explode(".", $ip);
    // error checking
    if (count($bits) != 4) return "ERROR";
    // there is probably a better way to do this bit...
    // loop through each segment
    for ($x=3; $x>=0; $x--)
    {
        // needs a byte to indicate the length of each segment of the request
        switch (strlen($bits[$x]))
        {
            case 1: // 1 byte long segment
                $data .= "\1"; break;
            case 2: // 2 byte long segment
                $data .= "\2"; break;
            case 3: // 3 byte long segment
                $data .= "\3"; break;
            default: // segment is too big, invalid IP
                return "INVALID";
        }
        // and the segment itself
        $data .= $bits[$x];
    }
    // and the final bit of the request
    $data .= "\7in-addr\4arpa\0\0\x0C\0\1";
    // create UDP socket
    $handle = @fsockopen("udp://$dns", 53);
    // send our request (and store request size so we can cheat later)
    $requestsize = @fwrite($handle, $data);
 
    @socket_set_timeout($handle, $timeout - $timeout%1000, $timeout%1000);
    // hope we get a reply
    $response = @fread($handle, 1000);
    @fclose($handle);
    if ($response == "")
        return $ip;
    // find the response type
    $type = @unpack("s", substr($response, $requestsize+2));
    if ($type[1] == 0x0C00)  // answer
    {
        // set up our variables
        $host = "";
        $len = 0;
        // set our pointer at the beginning of the hostname
        // uses the request size from earlier rather than work it out
        $position = $requestsize+12;
        // reconstruct hostname
        do
        {
            // get segment size
            $len = unpack("c", substr($response, $position));
            // null terminated string, so length 0 = finished
            if ($len[1] == 0)
                // return the hostname, without the trailing .
                return substr($host, 0, strlen($host) -1);
            // add segment to our host
            $host .= substr($response, $position+1, $len[1]) . ".";
            // move pointer on to the next segment
            $position += $len[1] + 1;
        }
        while ($len != 0);
        // error - return the hostname we constructed (without the . on the end)
        return $ip;
    }
    return $ip;
}

Is probably a quicker way to do it at socket level if you have fsockopen or sockets enabled.
95
Site Feedback / Re: site slow
Last post by Trekkie101 -
From 8.1

gethostbyaddr() is gonna be the only method anyway (excluding $SERVER['REMOTE_HOST']

Maybe simplify to that and then turn it off by default?

Trying to save you effort. I've got it off anyway.
96
Site Feedback / Re: site slow
Last post by Spuds -
I'm guessing that PHP does not set any timeout in gethostbyaddr  and so the breakout which sets a 1 second timeout on host and nslookup 

I feel that function can be cleaned up some ... nslookup appears to be part of bind-utils so if you have the host command you should have nslookup.  There is also that hidden modSettings value that could get set (if your host command does not use W) but its not unset if you update your system or move to a new host or ...

Then there is the mt_rand as well, which provides a good chance it going to use gethostbyaddr anyway.  It all seems a bit suspect.
97
Site Feedback / Re: site slow
Last post by Trekkie101 -
So down the rabbit hole I went:

gethostbyaddr() in PHP may be incredibly slow. In fact it may be the cause of all the slow reports entirely. So maybe not as the new behaviour haha

The shell_exec / nslookup method is apparently faster, likely why it made it in. It's also why the 'disable hostname lookups' is included as an option.

Function exists may come with bugs vs being explicitly disabled but if function_exists is working, it's defo neater.

Quote from: https://www.php.net/manual/en/function.function-exists.phpNote:
A function name may exist even if the function itself is unusable due to configuration or compiling options (with the image functions being an example).

By default on Cloudlinux cPanel PHP 8.1 the following are disabled.
Code: [Select]
"system, exec, shell_exec, passthru, show_source"

98
Site Feedback / Re: site slow
Last post by Spuds -
Thanks for the bug report and patch!

Indeed this is a new behavior in 8.1, but they have been warning for some time that @ is a bad idea.

In a couple of areas that I've "Fixed" I did so with  if (function_exists('some_function')) which seemed to work in conjunction with functions placed on the disabled list.  Do you happen to have the list of functions that CP has added to that list?  I just want to do a code search to check if there are other unprotected areas.
Quote from: Trekkie101 – However maybe we're better going to gethostbyaddr()
Looking at that code, you may be right! 
  • Currently it will randomly, 50% chance, call host  if running on *nix (maybe with a timeout, but maybe not)
  • Failing, or missing the random, it will, again at a 50% chance, call nslookup only if on windows (all of my *nix installs have this, not sure why it was limited to windows, but its also likely 2 decades old code)
  • failing the above two it will call gethostbyaddr

    I'd imagine there is some old commentary somewhere that would explain these programmed in behaviors, but they are probably no longer relevant:man_shrugging:  Even the cache the result only if it took more that 1/2 second seems odd.